Mandriva Update For Curl MDVSA-2011:116 (curl) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was discovered and corrected in curl: The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests (CVE-2011-2192). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&amp amp products_id=490 The updated packages have been patched to correct this issue.

Affected

curl on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64

Severity

Classification

CVE CVE-2011-2192

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:017 (kdebase)
Mandrake Security Advisory MDVSA-2009:037 (bind)
Mandrake Security Advisory MDVSA-2009:157 (perl-Compress-Raw-Zlib)
Mandrake Security Advisory MDVSA-2009:211 (expat)
Mandrake Security Advisory MDVSA-2009:193 (ruby)

Mandriva Update for curl MDVSA-2011:116 (curl)

Take action and discover your vulnerabilities